SELinux preventing ifconfig from reading log files, writing to sockets

Solution Verified - Updated -

Issue

  • Multiple servers are getting the following entries in /var/log/messages

    Jul  1 14:30:23 example.com setroubleshoot: SELinux is preventing ifconfig (ifconfig_t) "read" to /var/log/simpana/Log_Files/cvfwd.log (var_log_t). For complete SELinux messages. run sealert -l 3cb7a52e-673c-483c-992d-240881981b6c
Jul  1 14:30:25 example.com audisp-remote: queue is full - dropping event

  • Our /var/log/audit/audit.log file is filling up (and getting rotated out quickly!) with the same 3 messages like the following:

    node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read } for  pid=31039 comm="ifconfig" path="/var/log/simpana/Log_Files/cvfwd.log" dev=dm-3 ino=2293801 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read write } for  pid=31039 comm="ifconfig" path="socket:[15738]" dev=sockfs ino=15738 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket
node=example.com type=AVC msg=audit(1435778063.029:1605234): avc:  denied  { read } for  pid=31039 comm="ifconfig" path="eventpoll:[15739]" dev=eventpollfs ino=15739 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=file

Environment

  • Red Hat Enterprise Linux
  • SELinux
  • Any 3rd-party application

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content